Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

31 advisories

Loading
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment Critical
CVE-2024-38529 was published for admidio/admidio (Composer) Jul 29, 2024
UmerAdeemCheema
Cockpit CMS contains an arbitrary file upload vulenrability Critical
CVE-2024-4825 was published for cockpit-hq/cockpit (Composer) May 14, 2024
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability Critical
CVE-2018-9209 was published for fineuploader/php-traditional-server (Composer) May 14, 2022
Remote Code Execution by uploading a phar file using frontmatter Critical
CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024
Universe1122
Magento vulnerable to a file upload restriction bypass Critical
CVE-2021-21014 was published for magento/community-edition (Composer) May 24, 2022
elFinder Unrestricted File Upload vulnerability Critical
CVE-2021-43421 was published for studio-42/elfinder (Composer) Apr 8, 2022
fuadmin vulnerable to insecure file upload Critical
CVE-2023-36097 was published for funadmin/funadmin (Composer) Jun 22, 2023
liufee CMS File Upload vulnerability Critical
CVE-2020-21174 was published for feehi/cms (Composer) Jun 20, 2023
Liufee CMS File Upload vulnerability Critical
CVE-2020-21489 was published for feehi/cms (Composer) Jun 20, 2023
October CMS File Upload Vulnerability Critical
CVE-2017-1000194 was published for october/october (Composer) May 13, 2022
daftspunk
Showdoc File Upload Vulnerability Critical
CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021
Magento 2 Community Edition RCE via Unsafe File Upload Critical
CVE-2020-24407 was published for magento/community-edition (Composer) May 24, 2022
slub_events for Typo3 Arbitrary File Upload Critical
CVE-2019-16700 was published for slub/slub-events (Composer) May 24, 2022
Elefant CMS Code Execution Vulnerability Critical
CVE-2018-16974 was published for elefant/cms (Composer) May 14, 2022
ShopXO RCE Vulnerability Critical
CVE-2021-27817 was published for shopxo/shopxo (Composer) May 24, 2022
RCE in Studio-42 elFinder on Windows before 2.1.61 Critical
CVE-2022-27115 was published for studio-42/elfinder (Composer) Apr 12, 2022
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type Critical
CVE-2023-2034 was published for froxlor/froxlor (Composer) Apr 14, 2023
baserCMS File Uploader Remote Code Execution (RCE) vulnerability Critical
CVE-2023-25654 was published for baserproject/basercms (Composer) Mar 23, 2023
baserCMS allows any file to be uploaded Critical
CVE-2023-25655 was published for baserproject/basercms (Composer) Mar 23, 2023
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2021-26642 was published for xpressengine/xpressengine (Composer) Jan 20, 2023
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
FeehiCMS has an arbitrary file upload vulnerability Critical
CVE-2020-21516 was published for feehi/cms (Composer) Sep 7, 2022
rthorpeii
Unrestricted File Upload in ShowDoc v2.9.5 Critical
CVE-2021-36440 was published for showdoc/showdoc (Composer) Sep 9, 2021
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2022-38916 was published for pagekit/pagekit (Composer) Sep 21, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload Critical
CVE-2022-3771 was published for noumo/easyii (Composer) Oct 31, 2022
ProTip! Advisories are also available from the GraphQL API